This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Increase of Exploit ROP being caught in Microsoft Surface Pros

I am noticing a trend in the Root Cause Analysis on Sophos Central. Several of end user Surface Pros are getting flagged with Exploit ROP. When I checked with one user he said he was getting the warning message right after log in.

This has been happening for about a month which was about when Microsoft pushed out the Fall Creators update. So, I think these errors may be tied to that. Are any other community members seeing this issue?

Thanks,

Rick

This thread was automatically locked due to age.

Parents

Rick DeFilippo over 6 years ago

I think it may have to do with the Windows 10 cache (perhaps a corruption). I am seeing it on Surface Pros and PCs with Windows 10.

I had one user restart his Surface Pro to clear the cache and that made the detections go away for a while. My next step is to have him restart his Surface Pro once a week before he goes to lunch. and see if that puts an end to the detections. Once I confirm it's related to cache I will submit my results to Sophos support.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

Rick DeFilippo over 6 years ago

I think it may have to do with the Windows 10 cache (perhaps a corruption). I am seeing it on Surface Pros and PCs with Windows 10.

I had one user restart his Surface Pro to clear the cache and that made the detections go away for a while. My next step is to have him restart his Surface Pro once a week before he goes to lunch. and see if that puts an end to the detections. Once I confirm it's related to cache I will submit my results to Sophos support.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data